[wpa_supplicant] Cumulative patch from commit 0c5ededed
Merge to enable randomized source MAC address for ANQP/GAS
messages. Addresses an issue with DPP when GAS MAC randomization
is enabled.
Enable GAS MAC randomization in HIDL.
Bug: 154393320
Test: Device boots up and connects to wifi networks, run traffic.
Test: Able to turn on/off softap, associate wifi STA, run traffic.
Test: Confirm ANQP messages are randomized from logs:
wpa_supplicant: GAS: Use a new random transmitter address ae:a2:5f:5e:65:11
Test: act.py -c ../WifiDppConfig.json -tc WifiDppTest
Test: Wi-Fi direct tests in CtsVerifier
Test: Regression test passed (Bug: 154769005)
0c5ededed DPP: Fix config exchange with gas_rand_mac_addr
60a2de568 EAP server: Convert Boolean to C99 bool
4d2ec436e DPP: Add driver operation for enabling/disabling listen mode
99cf89555 Include stdbool.h to allow C99 bool to be used
3e6383f31 DPP2: Silence compiler warning with no-CONFIG_DPP2 and OpenSSL 1.0.2
f23b70f16 Silence compiler warning in no-NEED_AP_MLME hostapd builds
011526874 nl80211: Move nl80211_init_connect_handle() to avoid forward declaration
2c70b7d0b Do not open l2_packet(EAPOL) for receive unnecessarily
7a880b129 l2_packet: Allow initialization without RX handling
95cbf4509 nl80211: Do not open EAPOL RX socket when using control port for RX (AP)
c3bb8865a Clean up l2_packet_get_own_addr() call
9d6334e81 Do not open l2_packet bridge workaround socket if control port is used
c1bc0dd80 nl80211: Disable EAPOL TX over control port in AP mode by default
12ea7dee3 nl80211: Use nl80211 control port for receiving EAPOL frames
8609aa5ba nl80211: Tie connect handle to bss init/destroy
b4a70018e nl80211: Handle control port frame in bss events
6f70fcd98 nl80211: Check ethertype for control port RX
932546ac2 nl80211: Add a separate driver capability for control port RX
bb9e3935d driver: Add second driver capability flags bitmap
6255a8ac1 WPS: Convert WPA/TKIP-only to WPA+WPA2 mixed mode credential
6b1c590eb Allow TKIP support to be removed from build
a6c689d35 FT: Testing override for RSNXE Used subfield in FTE (AP)
9b222b613 nl80211: Remove unnecessary inclusion of l2_packet.h
b2d8dc59f FT: Testing override for RSNXE Used subfield in FTE
5344af7d2 FT: Discard ReassocReq with mismatching RSNXE Used value
af0178c75 Add vendor attributes indicating number of spectral detectors
7a510a97b Add an attribute for secondary 80 MHz span of agile spectral scan
24a6bca70 PKCS#1: Debug dump invalid Signature EB
eac6eb702 X509: Use unique debug prints for unused bits entries
153333ef6 FT RRB: Remove confusing debug print about extra data
d867e1181 FT: Remove and re-add STA entry after FT protocol success with PMF
97beccc83 SAE: Fix build without DPP/OWE/ERP
c7a9a5745 P2P: Start group with user configured params after accepting invitation
512b6c02e DPP: Mandate mutual auth with NFC negotiated connection handover
872299f4b DPP2: Store netAccessKey in psk/sae credentials for reconfig
bf9f49396 OWE: Remove check for unexpected DH Parameter IE use with other AKMs
e4eb009d9 DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig
1dcfbab25 DPP2: Clear requirement for QR Code mutual authentication for chirping
Change-Id: Iecf7494c1be132e006dee9ec0a40283765bdddbb
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 5bf4502..35a32a1 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -74,8 +74,13 @@
bss->wpa_disable_eapol_key_retries =
DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
+#ifdef CONFIG_NO_TKIP
+ bss->wpa_pairwise = WPA_CIPHER_CCMP;
+ bss->wpa_group = WPA_CIPHER_CCMP;
+#else /* CONFIG_NO_TKIP */
bss->wpa_pairwise = WPA_CIPHER_TKIP;
bss->wpa_group = WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
bss->rsn_pairwise = 0;
bss->max_num_sta = MAX_STA_COUNT;
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 2a0bf07..0503400 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -686,6 +686,7 @@
struct wpabuf *igtk_rsc_override;
int no_beacon_rsnxe;
int skip_prune_assoc;
+ int ft_rsnxe_used;
#endif /* CONFIG_TESTING_OPTIONS */
#define MESH_ENABLED BIT(0)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 559bb87..524a151 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -117,7 +117,7 @@
u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
u8 *p = buf;
u16 reason = WLAN_REASON_UNSPECIFIED;
- u16 status = WLAN_STATUS_SUCCESS;
+ int status = WLAN_STATUS_SUCCESS;
const u8 *p2p_dev_addr = NULL;
if (addr == NULL) {
@@ -606,17 +606,19 @@
wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
elems.owe_dh) {
u8 *npos;
+ u16 ret_status;
npos = owe_assoc_req_process(hapd, sta,
elems.owe_dh, elems.owe_dh_len,
p, sizeof(buf) - (p - buf),
- &status);
+ &ret_status);
+ status = ret_status;
if (npos)
p = npos;
if (!npos &&
status == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
- hostapd_sta_assoc(hapd, addr, reassoc, status, buf,
+ hostapd_sta_assoc(hapd, addr, reassoc, ret_status, buf,
p - buf);
return 0;
}
@@ -709,7 +711,8 @@
fail:
#ifdef CONFIG_IEEE80211R_AP
- hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
+ if (status >= 0)
+ hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
#endif /* CONFIG_IEEE80211R_AP */
hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
ap_free_sta(hapd, sta);
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 439e727..c8f691e 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -476,6 +476,7 @@
struct ap_info *ap_hash[STA_HASH_SIZE];
u64 drv_flags;
+ u64 drv_flags2;
/*
* A bitmap of supported protocols for probe response offload. See
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index e54217c..e6aa83d 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2526,32 +2526,10 @@
(!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
!(hapd->conf->mesh & MESH_ENABLED) &&
!(sta->added_unassoc)) {
- /*
- * If a station that is already associated to the AP, is trying
- * to authenticate again, remove the STA entry, in order to make
- * sure the STA PS state gets cleared and configuration gets
- * updated. To handle this, station's added_unassoc flag is
- * cleared once the station has completed association.
- */
- ap_sta_set_authorized(hapd, sta, 0);
- hostapd_drv_sta_remove(hapd, sta->addr);
- sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
- WLAN_STA_AUTHORIZED);
-
- if (hostapd_sta_add(hapd, sta->addr, 0, 0,
- sta->supported_rates,
- sta->supported_rates_len,
- 0, NULL, NULL, NULL, 0,
- sta->flags, 0, 0, 0, 0)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_NOTICE,
- "Could not add STA to kernel driver");
+ if (ap_sta_re_add(hapd, sta) < 0) {
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
goto fail;
}
-
- sta->added_unassoc = 1;
}
switch (auth_alg) {
@@ -3126,11 +3104,11 @@
#endif /* CONFIG_OWE */
-static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
+static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *ies, size_t ies_len, int reassoc)
{
struct ieee802_11_elems elems;
- u16 resp;
+ int resp;
const u8 *wpa_ie;
size_t wpa_ie_len;
const u8 *p2p_dev_addr = NULL;
@@ -4097,7 +4075,8 @@
int reassoc, int rssi)
{
u16 capab_info, listen_interval, seq_ctrl, fc;
- u16 resp = WLAN_STATUS_SUCCESS, reply_res;
+ int resp = WLAN_STATUS_SUCCESS;
+ u16 reply_res;
const u8 *pos;
int left, i;
struct sta_info *sta;
@@ -4471,8 +4450,9 @@
}
#endif /* CONFIG_FILS */
- reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
- left, rssi, omit_rsnxe);
+ if (resp >= 0)
+ reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc,
+ pos, left, rssi, omit_rsnxe);
os_free(tmp);
/*
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 903be28..93f1f0c 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -1497,3 +1497,33 @@
return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb,
hapd, sta);
}
+
+
+int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta)
+{
+ /*
+ * If a station that is already associated to the AP, is trying to
+ * authenticate again, remove the STA entry, in order to make sure the
+ * STA PS state gets cleared and configuration gets updated. To handle
+ * this, station's added_unassoc flag is cleared once the station has
+ * completed association.
+ */
+ ap_sta_set_authorized(hapd, sta, 0);
+ hostapd_drv_sta_remove(hapd, sta->addr);
+ sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED);
+
+ if (hostapd_sta_add(hapd, sta->addr, 0, 0,
+ sta->supported_rates,
+ sta->supported_rates_len,
+ 0, NULL, NULL, NULL, 0,
+ sta->flags, 0, 0, 0, 0)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_NOTICE,
+ "Could not add STA to kernel driver");
+ return -1;
+ }
+
+ sta->added_unassoc = 1;
+ return 0;
+}
diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index 8ff6ac6..308aa29 100644
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -358,5 +358,6 @@
struct sta_info *sta);
int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
struct sta_info *sta);
+int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta);
#endif /* STA_INFO_H */
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index e0ffb27..8ecb173 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1836,7 +1836,7 @@
#ifdef CONFIG_IEEE80211R_AP
wpa_printf(MSG_DEBUG,
"FT: Retry PTK configuration after association");
- wpa_ft_install_ptk(sm);
+ wpa_ft_install_ptk(sm, 1);
/* Using FT protocol, not WPA auth state machine */
sm->ft_completed = 1;
@@ -5459,4 +5459,11 @@
return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);
}
+
+void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val)
+{
+ if (wpa_auth)
+ wpa_auth->conf.ft_rsnxe_used = val;
+}
+
#endif /* CONFIG_TESTING_OPTIONS */
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 868aaa1..1ea067b 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -238,6 +238,7 @@
unsigned int rsnxe_override_ft_set:1;
unsigned int gtk_rsc_override_set:1;
unsigned int igtk_rsc_override_set:1;
+ int ft_rsnxe_used;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P
u8 ip_addr_go[4];
@@ -301,6 +302,7 @@
int *bandwidth, int *seg1_idx);
#ifdef CONFIG_IEEE80211R_AP
struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr);
+ int (*add_sta_ft)(void *ctx, const u8 *sta_addr);
int (*set_vlan)(void *ctx, const u8 *sta_addr,
struct vlan_description *vlan);
int (*get_vlan)(void *ctx, const u8 *sta_addr,
@@ -440,7 +442,7 @@
u16 auth_transaction, u16 resp,
const u8 *ies, size_t ies_len),
void *ctx);
-u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
+int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
size_t ies_len);
int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len);
int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
@@ -521,5 +523,6 @@
void *ctx1, void *ctx2);
int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth);
void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm);
+void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val);
#endif /* WPA_AUTH_H */
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 476a2be..4b17da7 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2647,6 +2647,13 @@
}
rsnxe_used = (auth_alg == WLAN_AUTH_FT) &&
(conf->sae_pwe == 1 || conf->sae_pwe == 2);
+#ifdef CONFIG_TESTING_OPTIONS
+ if (sm->wpa_auth->conf.ft_rsnxe_used) {
+ rsnxe_used = sm->wpa_auth->conf.ft_rsnxe_used == 1;
+ wpa_printf(MSG_DEBUG, "TESTING: FT: Force RSNXE Used %d",
+ rsnxe_used);
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
res = wpa_write_ftie(conf, use_sha384, r0kh_id, r0kh_id_len,
anonce, snonce, pos, end - pos,
subelem, subelem_len, rsnxe_used);
@@ -2747,7 +2754,16 @@
}
-void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+static inline int wpa_auth_add_sta_ft(struct wpa_authenticator *wpa_auth,
+ const u8 *addr)
+{
+ if (!wpa_auth->cb->add_sta_ft)
+ return -1;
+ return wpa_auth->cb->add_sta_ft(wpa_auth->cb_ctx, addr);
+}
+
+
+void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry)
{
enum wpa_alg alg;
int klen;
@@ -2769,6 +2785,9 @@
return;
}
+ if (!retry)
+ wpa_auth_add_sta_ft(sm->wpa_auth, sm->addr);
+
/* FIX: add STA entry to kernel/driver here? The set_key will fail
* most likely without this.. At the moment, STA entry is added only
* after association has been completed. This function will be called
@@ -3140,7 +3159,7 @@
sm->pairwise = pairwise;
sm->PTK_valid = TRUE;
sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
+ wpa_ft_install_ptk(sm, 0);
if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
@@ -3235,7 +3254,7 @@
}
-u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
+int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
size_t ies_len)
{
struct wpa_ft_ies parse;
@@ -3433,7 +3452,7 @@
!parse.rsnxe) {
wpa_printf(MSG_INFO,
"FT: FTE indicated that STA uses RSNXE, but RSNXE was not included");
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
+ return -1; /* discard request */
}
#ifdef CONFIG_OCV
@@ -4560,7 +4579,6 @@
return -1;
}
status_code = WPA_GET_LE16(pos);
- pos += 2;
wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
"(status_code=%d)", status_code);
@@ -4573,11 +4591,6 @@
return -1;
}
- if (end > pos) {
- wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end",
- pos, end - pos);
- }
-
return 0;
}
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 7a1ed24..058b34c 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -174,6 +174,7 @@
wpabuf_len(conf->igtk_rsc_override));
wconf->igtk_rsc_override_set = 1;
}
+ wconf->ft_rsnxe_used = conf->ft_rsnxe_used;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P
os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
@@ -1038,6 +1039,34 @@
}
+static int hostapd_wpa_auth_add_sta_ft(void *ctx, const u8 *sta_addr)
+{
+ struct hostapd_data *hapd = ctx;
+ struct sta_info *sta;
+
+ sta = ap_get_sta(hapd, sta_addr);
+ if (!sta)
+ return -1;
+
+ if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
+ (sta->flags & WLAN_STA_MFP) && ap_sta_is_authorized(sta) &&
+ !(hapd->conf->mesh & MESH_ENABLED) && !(sta->added_unassoc)) {
+ /* We could not do this in handle_auth() since there was a
+ * PMF-enabled association for the STA and the new
+ * authentication attempt was not yet fully processed. Now that
+ * we are ready to configure the TK to the driver,
+ * authentication has succeeded and we can clean up the driver
+ * STA entry to avoid issues with any maintained state from the
+ * previous association. */
+ wpa_printf(MSG_DEBUG,
+ "FT: Remove and re-add driver STA entry after successful FT authentication");
+ return ap_sta_re_add(hapd, sta);
+ }
+
+ return 0;
+}
+
+
static int hostapd_wpa_auth_set_vlan(void *ctx, const u8 *sta_addr,
struct vlan_description *vlan)
{
@@ -1399,6 +1428,7 @@
#ifdef CONFIG_IEEE80211R_AP
.send_ft_action = hostapd_wpa_auth_send_ft_action,
.add_sta = hostapd_wpa_auth_add_sta,
+ .add_sta_ft = hostapd_wpa_auth_add_sta_ft,
.add_tspec = hostapd_wpa_auth_add_tspec,
.set_vlan = hostapd_wpa_auth_set_vlan,
.get_vlan = hostapd_wpa_auth_get_vlan,
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index bc59d6a..813612e 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -300,7 +300,7 @@
int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk);
struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
-void wpa_ft_install_ptk(struct wpa_state_machine *sm);
+void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry);
int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm, const u8 *pmk_r0,
const u8 *pmk_r0_name);
#endif /* CONFIG_IEEE80211R_AP */
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 2ac1df4..9bcb997 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -851,17 +851,6 @@
"OWE: No Diffie-Hellman Parameter element");
return WPA_INVALID_AKMP;
}
-#ifdef CONFIG_DPP
- if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && owe_dh) {
- /* Diffie-Hellman Parameter element can be used with DPP as
- * well, so allow this to proceed. */
- } else
-#endif /* CONFIG_DPP */
- if (sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE && owe_dh) {
- wpa_printf(MSG_DEBUG,
- "OWE: Unexpected Diffie-Hellman Parameter element with non-OWE AKM");
- return WPA_INVALID_AKMP;
- }
#endif /* CONFIG_OWE */
#ifdef CONFIG_DPP2
diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index 1d77b94..dc8aa8f 100644
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -364,6 +364,13 @@
bss->ssid.ssid_set = 1;
}
+#ifdef CONFIG_NO_TKIP
+ if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK |
+ WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
+ bss->wpa = 2;
+ else
+ bss->wpa = 0;
+#else /* CONFIG_NO_TKIP */
if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
(cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
bss->wpa = 3;
@@ -373,6 +380,7 @@
bss->wpa = 1;
else
bss->wpa = 0;
+#endif /* CONFIG_NO_TKIP */
if (bss->wpa) {
if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA))
@@ -387,8 +395,10 @@
else
bss->wpa_pairwise |= WPA_CIPHER_CCMP;
}
+#ifndef CONFIG_NO_TKIP
if (cred->encr_type & WPS_ENCR_TKIP)
bss->wpa_pairwise |= WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
bss->rsn_pairwise = bss->wpa_pairwise;
bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
bss->wpa_pairwise,
@@ -559,6 +569,13 @@
fprintf(nconf, "\n");
}
+#ifdef CONFIG_NO_TKIP
+ if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK |
+ WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
+ wpa = 2;
+ else
+ wpa = 0;
+#else /* CONFIG_NO_TKIP */
if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
(cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
wpa = 3;
@@ -568,6 +585,7 @@
wpa = 1;
else
wpa = 0;
+#endif /* CONFIG_NO_TKIP */
if (wpa) {
char *prefix;
@@ -611,9 +629,11 @@
prefix = " ";
}
+#ifndef CONFIG_NO_TKIP
if (cred->encr_type & WPS_ENCR_TKIP) {
fprintf(nconf, "%sTKIP", prefix);
}
+#endif /* CONFIG_NO_TKIP */
fprintf(nconf, "\n");
if (cred->key_len >= 8 && cred->key_len < 64) {
@@ -1160,12 +1180,24 @@
wps->encr_types_rsn |= WPS_ENCR_AES;
}
if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
+#ifdef CONFIG_NO_TKIP
+ wpa_printf(MSG_INFO, "WPS: TKIP not supported");
+ goto fail;
+#else /* CONFIG_NO_TKIP */
wps->encr_types |= WPS_ENCR_TKIP;
wps->encr_types_rsn |= WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
}
}
if (conf->wpa & WPA_PROTO_WPA) {
+#ifdef CONFIG_NO_TKIP
+ if (!(conf->wpa & WPA_PROTO_RSN)) {
+ wpa_printf(MSG_INFO, "WPS: WPA(v1) not supported");
+ goto fail;
+ }
+ conf->wpa &= ~WPA_PROTO_WPA;
+#else /* CONFIG_NO_TKIP */
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
wps->auth_types |= WPS_AUTH_WPAPSK;
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
@@ -1179,6 +1211,7 @@
wps->encr_types |= WPS_ENCR_TKIP;
wps->encr_types_wpa |= WPS_ENCR_TKIP;
}
+#endif /* CONFIG_NO_TKIP */
}
if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
@@ -1218,10 +1251,17 @@
wps->ap_encr_type = wps->encr_types;
if (conf->wps_state == WPS_STATE_NOT_CONFIGURED) {
/* Override parameters to enable security by default */
+#ifdef CONFIG_NO_TKIP
+ wps->auth_types = WPS_AUTH_WPA2PSK;
+ wps->encr_types = WPS_ENCR_AES;
+ wps->encr_types_rsn = WPS_ENCR_AES;
+ wps->encr_types_wpa = WPS_ENCR_AES;
+#else /* CONFIG_NO_TKIP */
wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
wps->encr_types_rsn = WPS_ENCR_AES | WPS_ENCR_TKIP;
wps->encr_types_wpa = WPS_ENCR_AES | WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
}
if ((hapd->conf->multi_ap & FRONTHAUL_BSS) &&
@@ -1801,8 +1841,10 @@
if (os_strncmp(auth, "OPEN", 4) == 0)
cred.auth_type = WPS_AUTH_OPEN;
+#ifndef CONFIG_NO_TKIP
else if (os_strncmp(auth, "WPAPSK", 6) == 0)
cred.auth_type = WPS_AUTH_WPAPSK;
+#endif /* CONFIG_NO_TKIP */
else if (os_strncmp(auth, "WPA2PSK", 7) == 0)
cred.auth_type = WPS_AUTH_WPA2PSK;
else
@@ -1811,8 +1853,10 @@
if (encr) {
if (os_strncmp(encr, "NONE", 4) == 0)
cred.encr_type = WPS_ENCR_NONE;
+#ifndef CONFIG_NO_TKIP
else if (os_strncmp(encr, "TKIP", 4) == 0)
cred.encr_type = WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
else if (os_strncmp(encr, "CCMP", 4) == 0)
cred.encr_type = WPS_ENCR_AES;
else
diff --git a/src/common/dpp.c b/src/common/dpp.c
index d8690ad..b33ab15 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -74,12 +74,14 @@
}
+#ifdef CONFIG_DPP2
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_EC)
return NULL;
return pkey->pkey.ec;
}
+#endif /* CONFIG_DPP2 */
#endif
@@ -3952,6 +3954,14 @@
dpp_auth_fail(auth,
"Missing Initiator Bootstrapping Key Hash attribute");
return NULL;
+ } else if (auth->own_bi &&
+ auth->own_bi->type == DPP_BOOTSTRAP_NFC_URI &&
+ auth->own_bi->nfc_negotiated) {
+ /* NFC negotiated connection handover bootstrapping mandates
+ * use of mutual authentication */
+ dpp_auth_fail(auth,
+ "Missing Initiator Bootstrapping Key Hash attribute");
+ return NULL;
}
auth->peer_version = 1; /* default to the first version */
@@ -6730,7 +6740,7 @@
conf->connector = os_strdup(signed_connector);
dpp_copy_csign(conf, csign_pub);
- if (dpp_akm_dpp(conf->akm))
+ if (dpp_akm_dpp(conf->akm) || auth->peer_version >= 2)
dpp_copy_netaccesskey(auth, conf);
ret = 0;
diff --git a/src/common/dpp.h b/src/common/dpp.h
index ab3f927..585d398 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -138,6 +138,8 @@
const struct dpp_curve_params *curve;
unsigned int pkex_t; /* number of failures before dpp_pkex
* instantiation */
+ int nfc_negotiated; /* whether this has been used in NFC negotiated
+ * connection handover */
char *configurator_params;
};
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index 8ef666d..3fa38c9 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -5469,8 +5469,12 @@
* QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE
* Center frequency (in MHz) of the span of interest or
* for convenience, center frequency (in MHz) of any channel
- * in the span of interest. If agile spectral scan is initiated
- * without setting a valid frequency it returns the error code
+ * in the span of interest. For 80+80 MHz agile spectral scan
+ * request it represents center frequency (in MHz) of the primary
+ * 80 MHz span or for convenience, center frequency (in MHz) of any
+ * channel in the primary 80 MHz span. If agile spectral scan is
+ * initiated without setting a valid frequency it returns the
+ * error code
* (QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_NOT_INITIALIZED).
* u32 attribute.
*/
@@ -5497,6 +5501,20 @@
* 1-enable, 0-disable
*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG = 28,
+ /* This specifies the frequency span over which spectral scan would be
+ * carried out. Its value depends on the value of
+ * QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_MODE and the relation is as
+ * follows.
+ * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_NORMAL
+ * Not applicable. Spectral scan would happen in the operating span.
+ * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE
+ * This attribute is applicable only for agile spectral scan
+ * requests in 80+80 MHz mode. It represents center frequency (in
+ * MHz) of the secondary 80 MHz span or for convenience, center
+ * frequency (in MHz) of any channel in the secondary 80 MHz span.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_FREQUENCY_2 = 29,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_MAX =
@@ -5587,6 +5605,26 @@
* for 80+80 MHz mode.
*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AGILE_SPECTRAL_80_80 = 13,
+ /* Number of spectral detectors used for scan in 20 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_20_MHZ = 14,
+ /* Number of spectral detectors used for scan in 40 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_40_MHZ = 15,
+ /* Number of spectral detectors used for scan in 80 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_80_MHZ = 16,
+ /* Number of spectral detectors used for scan in 160 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_160_MHZ = 17,
+ /* Number of spectral detectors used for scan in 80+80 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_80P80_MHZ = 18,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_MAX =
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 1284743..46b647b 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -2319,11 +2319,18 @@
int wpa_cipher_valid_pairwise(int cipher)
{
+#ifdef CONFIG_NO_TKIP
+ return cipher == WPA_CIPHER_CCMP_256 ||
+ cipher == WPA_CIPHER_GCMP_256 ||
+ cipher == WPA_CIPHER_CCMP ||
+ cipher == WPA_CIPHER_GCMP;
+#else /* CONFIG_NO_TKIP */
return cipher == WPA_CIPHER_CCMP_256 ||
cipher == WPA_CIPHER_GCMP_256 ||
cipher == WPA_CIPHER_CCMP ||
cipher == WPA_CIPHER_GCMP ||
cipher == WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
}
@@ -2476,8 +2483,10 @@
val |= WPA_CIPHER_CCMP;
else if (os_strcmp(start, "GCMP") == 0)
val |= WPA_CIPHER_GCMP;
+#ifndef CONFIG_NO_TKIP
else if (os_strcmp(start, "TKIP") == 0)
val |= WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
#ifdef CONFIG_WEP
else if (os_strcmp(start, "WEP104") == 0)
val |= WPA_CIPHER_WEP104;
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index da58159..c0ef689 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -22,6 +22,15 @@
#define OWE_DH_GROUP 19
+#ifdef CONFIG_NO_TKIP
+#define WPA_ALLOWED_PAIRWISE_CIPHERS \
+(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_NONE | \
+WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256)
+#define WPA_ALLOWED_GROUP_CIPHERS \
+(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | \
+WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256 | \
+WPA_CIPHER_GTK_NOT_USED)
+#else /* CONFIG_NO_TKIP */
#define WPA_ALLOWED_PAIRWISE_CIPHERS \
(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | WPA_CIPHER_NONE | \
WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256)
@@ -29,6 +38,7 @@
(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | \
WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256 | \
WPA_CIPHER_GTK_NOT_USED)
+#endif /* CONFIG_NO_TKIP */
#define WPA_ALLOWED_GROUP_MGMT_CIPHERS \
(WPA_CIPHER_AES_128_CMAC | WPA_CIPHER_BIP_GMAC_128 | WPA_CIPHER_BIP_GMAC_256 | \
WPA_CIPHER_BIP_CMAC_256)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 032bbd8..bdd90d8 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1838,7 +1838,7 @@
#define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
/** Driver support 4-way handshake offload for WPA-Personal */
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
-/** Driver supports a separate control port for EAPOL frames */
+/** Driver supports a separate control port TX for EAPOL frames */
#define WPA_DRIVER_FLAGS_CONTROL_PORT 0x0400000000000000ULL
/** Driver supports VLAN offload */
#define WPA_DRIVER_FLAGS_VLAN_OFFLOAD 0x0800000000000000ULL
@@ -1852,6 +1852,10 @@
#define WPA_DRIVER_FLAGS_EXTENDED_KEY_ID 0x8000000000000000ULL
u64 flags;
+/** Driver supports a separate control port RX for EAPOL frames */
+#define WPA_DRIVER_FLAGS2_CONTROL_PORT_RX 0x0000000000000001ULL
+ u64 flags2;
+
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
(drv_flags & WPA_DRIVER_FLAGS_FULL_AP_CLIENT_STATE)
@@ -4420,6 +4424,17 @@
*/
int (*update_dh_ie)(void *priv, const u8 *peer_mac, u16 reason_code,
const u8 *ie, size_t ie_len);
+
+ /**
+ * dpp_listen - Notify driver about start/stop of DPP listen
+ * @priv: Private driver interface data
+ * @enable: Whether listen state is enabled (or disabled)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This optional callback can be used to update RX frame filtering to
+ * explicitly allow reception of broadcast Public Action frames.
+ */
+ int (*dpp_listen)(void *priv, int enable);
};
/**
@@ -5921,6 +5936,7 @@
const struct wpa_driver_capa *capa);
/* Convert driver flag to string */
const char * driver_flag_to_string(u64 flag);
+const char * driver_flag2_to_string(u64 flag2);
/* NULL terminated array of linked in driver wrappers */
extern const struct wpa_driver_ops *const wpa_drivers[];
diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c
index 63846db..23a6a42 100644
--- a/src/drivers/driver_common.c
+++ b/src/drivers/driver_common.c
@@ -321,3 +321,14 @@
return "UNKNOWN";
#undef DF2S
}
+
+
+const char * driver_flag2_to_string(u64 flag2)
+{
+#define DF2S(x) case WPA_DRIVER_FLAGS2_ ## x: return #x
+ switch (flag2) {
+ DF2S(CONTROL_PORT_RX);
+ }
+ return "UNKNOWN";
+#undef DF2S
+}
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 3b7c31c..75792f3 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -30,7 +30,6 @@
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "common/wpa_common.h"
-#include "l2_packet/l2_packet.h"
#include "netlink.h"
#include "linux_defines.h"
#include "linux_ioctl.h"
@@ -438,6 +437,52 @@
}
+/* Use this method to mark that it is necessary to own the connection/interface
+ * for this operation.
+ * handle may be set to NULL, to get the same behavior as send_and_recv_msgs().
+ * set_owner can be used to mark this socket for receiving control port frames.
+ */
+static int send_and_recv_msgs_owner(struct wpa_driver_nl80211_data *drv,
+ struct nl_msg *msg,
+ struct nl_sock *handle, int set_owner,
+ int (*valid_handler)(struct nl_msg *,
+ void *),
+ void *valid_data)
+{
+ /* Control port over nl80211 needs the flags and attributes below.
+ *
+ * The Linux kernel has initial checks for them (in nl80211.c) like:
+ * validate_pae_over_nl80211(...)
+ * or final checks like:
+ * dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid
+ *
+ * Final operations (e.g., disassociate) don't need to set these
+ * attributes, but they have to be performed on the socket, which has
+ * the connection owner property set in the kernel.
+ */
+ if ((drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) &&
+ handle && set_owner &&
+ (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_OVER_NL80211) ||
+ nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER) ||
+ nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
+ nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_PREAUTH)))
+ return -1;
+
+ return send_and_recv(drv->global, handle ? handle : drv->global->nl,
+ msg, valid_handler, valid_data);
+}
+
+
+struct nl_sock * get_connect_handle(struct i802_bss *bss)
+{
+ if ((bss->drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) ||
+ bss->use_nl_connect)
+ return bss->nl_connect;
+
+ return NULL;
+}
+
+
struct family_data {
const char *group;
int id;
@@ -1918,6 +1963,25 @@
}
+static int nl80211_init_connect_handle(struct i802_bss *bss)
+{
+ if (bss->nl_connect) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Connect handle already created (nl_connect=%p)",
+ bss->nl_connect);
+ return -1;
+ }
+
+ bss->nl_connect = nl_create_handle(bss->nl_cb, "connect");
+ if (!bss->nl_connect)
+ return -1;
+ nl80211_register_eloop_read(&bss->nl_connect,
+ wpa_driver_nl80211_event_receive,
+ bss->nl_cb, 1);
+ return 0;
+}
+
+
static int nl80211_init_bss(struct i802_bss *bss)
{
bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
@@ -1929,6 +1993,8 @@
nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
process_bss_event, bss);
+ nl80211_init_connect_handle(bss);
+
return 0;
}
@@ -1937,6 +2003,9 @@
{
nl_cb_put(bss->nl_cb);
bss->nl_cb = NULL;
+
+ if (bss->nl_connect)
+ nl80211_destroy_eloop_handle(&bss->nl_connect, 1);
}
@@ -2160,25 +2229,6 @@
}
-static int nl80211_init_connect_handle(struct i802_bss *bss)
-{
- if (bss->nl_connect) {
- wpa_printf(MSG_DEBUG,
- "nl80211: Connect handle already created (nl_connect=%p)",
- bss->nl_connect);
- return -1;
- }
-
- bss->nl_connect = nl_create_handle(bss->nl_cb, "connect");
- if (!bss->nl_connect)
- return -1;
- nl80211_register_eloop_read(&bss->nl_connect,
- wpa_driver_nl80211_event_receive,
- bss->nl_cb, 1);
- return 0;
-}
-
-
static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
{
struct wpa_driver_nl80211_data *drv = bss->drv;
@@ -2716,8 +2766,6 @@
if (drv->vendor_cmd_test_avail)
qca_vendor_test(drv);
- nl80211_init_connect_handle(bss);
-
return 0;
}
@@ -2830,9 +2878,6 @@
nl80211_del_p2pdev(bss);
}
- if (bss->nl_connect)
- nl80211_destroy_eloop_handle(&bss->nl_connect, 1);
-
nl80211_destroy_bss(drv->first_bss);
os_free(drv->filter_ssids);
@@ -3437,18 +3482,14 @@
return nl80211_leave_ibss(drv, 1);
}
if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
- struct nl_sock *nl_connect = NULL;
-
- if (bss->use_nl_connect)
- nl_connect = bss->nl_connect;
return wpa_driver_nl80211_disconnect(drv, reason_code,
- nl_connect);
+ get_connect_handle(bss));
}
wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
__func__, MAC2STR(addr), reason_code);
nl80211_mark_disconnected(drv);
ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
- reason_code, 0, NULL);
+ reason_code, 0, get_connect_handle(bss));
/*
* For locally generated deauthenticate, supplicant already generates a
* DEAUTH event, so ignore the event from NL80211.
@@ -4432,7 +4473,8 @@
}
#endif /* CONFIG_IEEE80211AX */
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg, get_connect_handle(bss), 1,
+ NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
ret, strerror(-ret));
@@ -5285,7 +5327,10 @@
int res;
int qos = flags & WPA_STA_WMM;
- if (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT)
+ /* For now, disable EAPOL TX over control port in AP mode by default
+ * since it does not provide TX status notifications. */
+ if (drv->control_port_ap &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT))
return nl80211_tx_control_port(bss, addr, ETH_P_EAPOL,
data, data_len, !encrypt);
@@ -5452,7 +5497,9 @@
int ret;
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_IBSS);
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg,
+ get_connect_handle(drv->first_bss), 1,
+ NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
"(%s)", ret, strerror(-ret));
@@ -5584,7 +5631,9 @@
if (ret < 0)
goto fail;
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg,
+ get_connect_handle(drv->first_bss), 1,
+ NULL, NULL);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
@@ -5985,12 +6034,8 @@
if (ret)
goto fail;
- if (nl_connect)
- ret = send_and_recv(drv->global, nl_connect, msg,
- NULL, (void *) -1);
- else
- ret = send_and_recv_msgs(drv, msg, NULL, (void *) -1);
-
+ ret = send_and_recv_msgs_owner(drv, msg, nl_connect, 1, NULL,
+ (void *) -1);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
@@ -6059,19 +6104,17 @@
if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
enum nl80211_iftype nlmode = params->p2p ?
NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
- struct nl_sock *nl_connect = NULL;
if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
return -1;
if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
- params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) {
- nl_connect = bss->nl_connect;
+ params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE)
bss->use_nl_connect = 1;
- } else {
+ else
bss->use_nl_connect = 0;
- }
- return wpa_driver_nl80211_connect(drv, params, nl_connect);
+ return wpa_driver_nl80211_connect(drv, params,
+ get_connect_handle(bss));
}
nl80211_mark_disconnected(drv);
@@ -6106,7 +6149,9 @@
goto fail;
}
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg,
+ get_connect_handle(drv->first_bss), 1,
+ NULL, NULL);
msg = NULL;
if (ret) {
wpa_dbg(drv->ctx, MSG_DEBUG,
@@ -7242,6 +7287,12 @@
}
#endif /* CONFIG_LIBNL3_ROUTE */
+ if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Do not open EAPOL RX socket - using control port for RX");
+ goto skip_eapol_sock;
+ }
+
drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
if (drv->eapol_sock < 0) {
wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s",
@@ -7254,6 +7305,7 @@
wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol");
goto failed;
}
+skip_eapol_sock:
if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
params->own_addr))
@@ -8125,8 +8177,13 @@
drv->test_use_roc_tx = 1;
}
- if (os_strstr(param, "control_port=0"))
+ if (os_strstr(param, "control_port=0")) {
drv->capa.flags &= ~WPA_DRIVER_FLAGS_CONTROL_PORT;
+ drv->capa.flags2 &= ~WPA_DRIVER_FLAGS2_CONTROL_PORT_RX;
+ }
+
+ if (os_strstr(param, "control_port_ap=1"))
+ drv->control_port_ap = 1;
if (os_strstr(param, "full_ap_client_state=0"))
drv->capa.flags &= ~WPA_DRIVER_FLAGS_FULL_AP_CLIENT_STATE;
@@ -9500,7 +9557,12 @@
if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) <
0)
goto fail;
- ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf);
+ /* This test vendor_cmd can be used with nl80211 commands that
+ * need the connect nl_sock, so use the owner-setting variant
+ * of send_and_recv_msgs(). */
+ ret = send_and_recv_msgs_owner(drv, msg,
+ get_connect_handle(bss), 0,
+ cmd_reply_handler, buf);
if (ret)
wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d",
ret);
@@ -9955,7 +10017,8 @@
if (nl80211_put_mesh_config(msg, ¶ms->conf) < 0)
goto fail;
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg, get_connect_handle(bss), 1,
+ NULL, NULL);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: mesh join failed: ret=%d (%s)",
@@ -10012,7 +10075,8 @@
wpa_printf(MSG_DEBUG, "nl80211: mesh leave (ifindex=%d)", drv->ifindex);
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_MESH);
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg, get_connect_handle(bss), 0,
+ NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: mesh leave failed: ret=%d (%s)",
ret, strerror(-ret));
diff --git a/src/drivers/driver_nl80211.h b/src/drivers/driver_nl80211.h
index 6e6c872..19ac44a 100644
--- a/src/drivers/driver_nl80211.h
+++ b/src/drivers/driver_nl80211.h
@@ -171,6 +171,7 @@
unsigned int roam_vendor_cmd_avail:1;
unsigned int get_supported_akm_suites_avail:1;
unsigned int add_sta_node_vendor_cmd_avail:1;
+ unsigned int control_port_ap:1;
u64 vendor_scan_cookie;
u64 remain_on_chan_cookie;
@@ -229,6 +230,7 @@
int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, struct nl_msg *msg,
int (*valid_handler)(struct nl_msg *, void *),
void *valid_data);
+struct nl_sock * get_connect_handle(struct i802_bss *bss);
int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
const char *ifname, enum nl80211_iftype iftype,
const u8 *addr, int wds,
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index b4fed9e..f033591 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -441,6 +441,9 @@
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
capa->flags |= WPA_DRIVER_FLAGS_CONTROL_PORT;
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_CONTROL_PORT_NO_PREAUTH))
+ capa->flags2 |= WPA_DRIVER_FLAGS2_CONTROL_PORT_RX;
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_VLAN_OFFLOAD))
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index d4ca2eb..17a06d8 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -2505,12 +2505,34 @@
static void nl80211_control_port_frame(struct wpa_driver_nl80211_data *drv,
struct nlattr **tb)
{
- if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_FRAME])
+ u8 *src_addr;
+ u16 ethertype;
+
+ if (!tb[NL80211_ATTR_MAC] ||
+ !tb[NL80211_ATTR_FRAME] ||
+ !tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE])
return;
- drv_event_eapol_rx(drv->ctx, nla_data(tb[NL80211_ATTR_MAC]),
- nla_data(tb[NL80211_ATTR_FRAME]),
- nla_len(tb[NL80211_ATTR_FRAME]));
+ src_addr = nla_data(tb[NL80211_ATTR_MAC]);
+ ethertype = nla_get_u16(tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
+
+ switch (ethertype) {
+ case ETH_P_RSN_PREAUTH:
+ wpa_printf(MSG_INFO, "nl80211: Got pre-auth frame from "
+ MACSTR " over control port unexpectedly",
+ MAC2STR(src_addr));
+ break;
+ case ETH_P_PAE:
+ drv_event_eapol_rx(drv->ctx, src_addr,
+ nla_data(tb[NL80211_ATTR_FRAME]),
+ nla_len(tb[NL80211_ATTR_FRAME]));
+ break;
+ default:
+ wpa_printf(MSG_INFO, "nl80211: Unxpected ethertype 0x%04x from "
+ MACSTR " over control port",
+ ethertype, MAC2STR(src_addr));
+ break;
+ }
}
@@ -2729,9 +2751,6 @@
case NL80211_CMD_UPDATE_OWE_INFO:
mlme_event_dh_event(drv, bss, tb);
break;
- case NL80211_CMD_CONTROL_PORT_FRAME:
- nl80211_control_port_frame(drv, tb);
- break;
default:
wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event "
"(cmd=%d)", cmd);
@@ -2821,6 +2840,9 @@
case NL80211_CMD_EXTERNAL_AUTH:
nl80211_external_auth(bss->drv, tb);
break;
+ case NL80211_CMD_CONTROL_PORT_FRAME:
+ nl80211_control_port_frame(bss->drv, tb);
+ break;
default:
wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
"(cmd=%d)", gnlh->cmd);
diff --git a/src/drivers/driver_nl80211_scan.c b/src/drivers/driver_nl80211_scan.c
index 04f6bb8..17e8b2c 100644
--- a/src/drivers/driver_nl80211_scan.c
+++ b/src/drivers/driver_nl80211_scan.c
@@ -872,7 +872,7 @@
wpa_driver_nl80211_mlme(drv, addr,
NL80211_CMD_DEAUTHENTICATE,
WLAN_REASON_PREV_AUTH_NOT_VALID, 1,
- NULL);
+ get_connect_handle(drv->first_bss));
}
}
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 540b4e7..61032cc 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -45,43 +45,43 @@
struct eap_eapol_interface {
/* Lower layer to full authenticator variables */
- Boolean eapResp; /* shared with EAPOL Backend Authentication */
+ bool eapResp; /* shared with EAPOL Backend Authentication */
struct wpabuf *eapRespData;
- Boolean portEnabled;
+ bool portEnabled;
int retransWhile;
- Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
+ bool eapRestart; /* shared with EAPOL Authenticator PAE */
int eapSRTT;
int eapRTTVAR;
/* Full authenticator to lower layer variables */
- Boolean eapReq; /* shared with EAPOL Backend Authentication */
- Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
- Boolean eapSuccess;
- Boolean eapFail;
- Boolean eapTimeout;
+ bool eapReq; /* shared with EAPOL Backend Authentication */
+ bool eapNoReq; /* shared with EAPOL Backend Authentication */
+ bool eapSuccess;
+ bool eapFail;
+ bool eapTimeout;
struct wpabuf *eapReqData;
u8 *eapKeyData;
size_t eapKeyDataLen;
u8 *eapSessionId;
size_t eapSessionIdLen;
- Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
+ bool eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
/* AAA interface to full authenticator variables */
- Boolean aaaEapReq;
- Boolean aaaEapNoReq;
- Boolean aaaSuccess;
- Boolean aaaFail;
+ bool aaaEapReq;
+ bool aaaEapNoReq;
+ bool aaaSuccess;
+ bool aaaFail;
struct wpabuf *aaaEapReqData;
u8 *aaaEapKeyData;
size_t aaaEapKeyDataLen;
- Boolean aaaEapKeyAvailable;
+ bool aaaEapKeyAvailable;
int aaaMethodTimeout;
/* Full authenticator to AAA interface variables */
- Boolean aaaEapResp;
+ bool aaaEapResp;
struct wpabuf *aaaEapRespData;
/* aaaIdentity -> eap_get_identity() */
- Boolean aaaTimeout;
+ bool aaaTimeout;
};
struct eap_server_erp_key {
@@ -124,7 +124,7 @@
* callback context.
*/
void *eap_sim_db_priv;
- Boolean backend_auth;
+ bool backend_auth;
int eap_server;
/**
diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h
index 44896a6..28bb564 100644
--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@@ -32,15 +32,14 @@
struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
int (*getTimeout)(struct eap_sm *sm, void *priv);
- Boolean (*check)(struct eap_sm *sm, void *priv,
- struct wpabuf *respData);
+ bool (*check)(struct eap_sm *sm, void *priv, struct wpabuf *respData);
void (*process)(struct eap_sm *sm, void *priv,
struct wpabuf *respData);
- Boolean (*isDone)(struct eap_sm *sm, void *priv);
+ bool (*isDone)(struct eap_sm *sm, void *priv);
u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
/* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
* but it is useful in implementing Policy.getDecision() */
- Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
+ bool (*isSuccess)(struct eap_sm *sm, void *priv);
/**
* free - Free EAP method data
@@ -138,13 +137,13 @@
int methodTimeout;
/* Short-term (not maintained between packets) */
- Boolean rxResp;
- Boolean rxInitiate;
+ bool rxResp;
+ bool rxInitiate;
int respId;
enum eap_type respMethod;
int respVendor;
u32 respVendorMethod;
- Boolean ignore;
+ bool ignore;
enum {
DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
DECISION_PASSTHROUGH, DECISION_INITIATE_REAUTH_START
@@ -153,7 +152,7 @@
/* Miscellaneous variables */
const struct eap_method *m; /* selected EAP method */
/* not defined in RFC 4137 */
- Boolean changed;
+ bool changed;
void *eapol_ctx;
const struct eapol_callbacks *eapol_cb;
void *eap_method_priv;
@@ -169,7 +168,7 @@
int init_phase2;
const struct eap_config *cfg;
struct eap_config cfg_buf;
- Boolean update_user;
+ bool update_user;
unsigned int num_rounds;
unsigned int num_rounds_short;
@@ -183,12 +182,12 @@
struct wpabuf *assoc_wps_ie;
struct wpabuf *assoc_p2p_ie;
- Boolean start_reauth;
+ bool start_reauth;
u8 peer_addr[ETH_ALEN];
- Boolean initiate_reauth_start_sent;
- Boolean try_initiate_reauth;
+ bool initiate_reauth_start_sent;
+ bool try_initiate_reauth;
#ifdef CONFIG_TESTING_OPTIONS
u32 tls_test_flags;
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 34ce239..0b7a5b9 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -9,7 +9,7 @@
* in RFC 4137. However, to support backend authentication in RADIUS
* authentication server functionality, parts of backend authenticator (also
* from RFC 4137) are mixed in. This functionality is enabled by setting
- * backend_auth configuration variable to TRUE.
+ * backend_auth configuration variable to true.
*/
#include "includes.h"
@@ -38,7 +38,7 @@
static enum eap_type eap_sm_Policy_getNextMethod(struct eap_sm *sm,
int *vendor);
static int eap_sm_Policy_getDecision(struct eap_sm *sm);
-static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method);
+static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method);
static int eap_get_erp_send_reauth_start(struct eap_sm *sm)
@@ -230,19 +230,19 @@
eap_server_clear_identity(sm);
}
- sm->try_initiate_reauth = FALSE;
+ sm->try_initiate_reauth = false;
sm->currentId = -1;
- sm->eap_if.eapSuccess = FALSE;
- sm->eap_if.eapFail = FALSE;
- sm->eap_if.eapTimeout = FALSE;
+ sm->eap_if.eapSuccess = false;
+ sm->eap_if.eapFail = false;
+ sm->eap_if.eapTimeout = false;
bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
sm->eap_if.eapKeyData = NULL;
sm->eap_if.eapKeyDataLen = 0;
os_free(sm->eap_if.eapSessionId);
sm->eap_if.eapSessionId = NULL;
sm->eap_if.eapSessionIdLen = 0;
- sm->eap_if.eapKeyAvailable = FALSE;
- sm->eap_if.eapRestart = FALSE;
+ sm->eap_if.eapKeyAvailable = false;
+ sm->eap_if.eapRestart = false;
/*
* This is not defined in RFC 4137, but method state needs to be
@@ -322,7 +322,7 @@
sm->retransCount++;
if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
- sm->eap_if.eapReq = TRUE;
+ sm->eap_if.eapReq = true;
}
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT MACSTR,
@@ -347,8 +347,8 @@
SM_STATE(EAP, DISCARD)
{
SM_ENTRY(EAP, DISCARD);
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapNoReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapNoReq = true;
}
@@ -362,17 +362,17 @@
sm->num_rounds_short = 0;
if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
{
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = true;
} else {
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = FALSE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = false;
}
} else {
wpa_printf(MSG_INFO, "EAP: SEND_REQUEST - no eapReqData");
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = FALSE;
- sm->eap_if.eapNoReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = false;
+ sm->eap_if.eapNoReq = true;
}
}
@@ -382,7 +382,7 @@
SM_ENTRY(EAP, INTEGRITY_CHECK);
if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1)) {
- sm->ignore = TRUE;
+ sm->ignore = true;
return;
}
@@ -552,7 +552,7 @@
SM_ENTRY(EAP, PROPOSE_METHOD);
- sm->try_initiate_reauth = FALSE;
+ sm->try_initiate_reauth = false;
try_another_method:
type = eap_sm_Policy_getNextMethod(sm, &vendor);
if (vendor == EAP_VENDOR_IETF)
@@ -640,7 +640,7 @@
{
SM_ENTRY(EAP, TIMEOUT_FAILURE);
- sm->eap_if.eapTimeout = TRUE;
+ sm->eap_if.eapTimeout = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO,
WPA_EVENT_EAP_TIMEOUT_FAILURE MACSTR, MAC2STR(sm->peer_addr));
@@ -655,7 +655,7 @@
sm->eap_if.eapReqData = eap_sm_buildFailure(sm, sm->currentId);
wpabuf_free(sm->lastReqData);
sm->lastReqData = NULL;
- sm->eap_if.eapFail = TRUE;
+ sm->eap_if.eapFail = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
MACSTR, MAC2STR(sm->peer_addr));
@@ -671,8 +671,8 @@
wpabuf_free(sm->lastReqData);
sm->lastReqData = NULL;
if (sm->eap_if.eapKeyData)
- sm->eap_if.eapKeyAvailable = TRUE;
- sm->eap_if.eapSuccess = TRUE;
+ sm->eap_if.eapKeyAvailable = true;
+ sm->eap_if.eapSuccess = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
MACSTR, MAC2STR(sm->peer_addr));
@@ -683,8 +683,8 @@
{
SM_ENTRY(EAP, INITIATE_REAUTH_START);
- sm->initiate_reauth_start_sent = TRUE;
- sm->try_initiate_reauth = TRUE;
+ sm->initiate_reauth_start_sent = true;
+ sm->try_initiate_reauth = true;
sm->currentId = eap_sm_nextId(sm, sm->currentId);
wpa_printf(MSG_DEBUG,
"EAP: building EAP-Initiate-Re-auth-Start: Identifier %d",
@@ -760,7 +760,7 @@
sm->lastReqData = NULL;
if ((flags & 0x80) || !erp) {
- sm->eap_if.eapFail = TRUE;
+ sm->eap_if.eapFail = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
MACSTR, MAC2STR(sm->peer_addr));
return;
@@ -784,10 +784,10 @@
return;
}
sm->eap_if.eapKeyDataLen = erp->rRK_len;
- sm->eap_if.eapKeyAvailable = TRUE;
+ sm->eap_if.eapKeyAvailable = true;
wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rMSK",
sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
- sm->eap_if.eapSuccess = TRUE;
+ sm->eap_if.eapSuccess = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
MACSTR, MAC2STR(sm->peer_addr));
@@ -811,7 +811,7 @@
SM_ENTRY(EAP, INITIATE_RECEIVED);
- sm->rxInitiate = FALSE;
+ sm->rxInitiate = false;
pos = eap_hdr_validate(EAP_VENDOR_IETF,
(enum eap_type) EAP_ERP_TYPE_REAUTH,
@@ -988,7 +988,7 @@
return;
fail:
- sm->ignore = TRUE;
+ sm->ignore = true;
}
#endif /* CONFIG_ERP */
@@ -1000,7 +1000,7 @@
wpabuf_free(sm->eap_if.aaaEapRespData);
sm->eap_if.aaaEapRespData = NULL;
- sm->try_initiate_reauth = FALSE;
+ sm->try_initiate_reauth = false;
}
@@ -1021,7 +1021,7 @@
sm->retransCount++;
if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
- sm->eap_if.eapReq = TRUE;
+ sm->eap_if.eapReq = true;
}
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT2 MACSTR,
@@ -1041,8 +1041,8 @@
SM_STATE(EAP, DISCARD2)
{
SM_ENTRY(EAP, DISCARD2);
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapNoReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapNoReq = true;
}
@@ -1054,17 +1054,17 @@
if (sm->eap_if.eapReqData) {
if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
{
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = true;
} else {
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = FALSE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = false;
}
} else {
wpa_printf(MSG_INFO, "EAP: SEND_REQUEST2 - no eapReqData");
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = FALSE;
- sm->eap_if.eapNoReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = false;
+ sm->eap_if.eapNoReq = true;
}
}
@@ -1103,11 +1103,11 @@
{
SM_ENTRY(EAP, AAA_IDLE);
- sm->eap_if.aaaFail = FALSE;
- sm->eap_if.aaaSuccess = FALSE;
- sm->eap_if.aaaEapReq = FALSE;
- sm->eap_if.aaaEapNoReq = FALSE;
- sm->eap_if.aaaEapResp = TRUE;
+ sm->eap_if.aaaFail = false;
+ sm->eap_if.aaaSuccess = false;
+ sm->eap_if.aaaEapReq = false;
+ sm->eap_if.aaaEapNoReq = false;
+ sm->eap_if.aaaEapResp = true;
}
@@ -1115,7 +1115,7 @@
{
SM_ENTRY(EAP, TIMEOUT_FAILURE2);
- sm->eap_if.eapTimeout = TRUE;
+ sm->eap_if.eapTimeout = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO,
WPA_EVENT_EAP_TIMEOUT_FAILURE2 MACSTR, MAC2STR(sm->peer_addr));
@@ -1127,7 +1127,7 @@
SM_ENTRY(EAP, FAILURE2);
eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
- sm->eap_if.eapFail = TRUE;
+ sm->eap_if.eapFail = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE2 MACSTR,
MAC2STR(sm->peer_addr));
@@ -1149,14 +1149,14 @@
sm->eap_if.eapKeyDataLen = 0;
}
- sm->eap_if.eapSuccess = TRUE;
+ sm->eap_if.eapSuccess = true;
/*
* Start reauthentication with identity request even though we know the
* previously used identity. This is needed to get reauthentication
* started properly.
*/
- sm->start_reauth = TRUE;
+ sm->start_reauth = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS2 MACSTR,
MAC2STR(sm->peer_addr));
@@ -1217,7 +1217,7 @@
case EAP_IDLE:
if (sm->eap_if.retransWhile == 0) {
if (sm->try_initiate_reauth) {
- sm->try_initiate_reauth = FALSE;
+ sm->try_initiate_reauth = false;
SM_ENTER(EAP, SELECT_ACTION);
} else {
SM_ENTER(EAP, RETRANSMIT);
@@ -1491,8 +1491,8 @@
size_t plen;
/* parse rxResp, respId, respMethod */
- sm->rxResp = FALSE;
- sm->rxInitiate = FALSE;
+ sm->rxResp = false;
+ sm->rxInitiate = false;
sm->respId = -1;
sm->respMethod = EAP_TYPE_NONE;
sm->respVendor = EAP_VENDOR_IETF;
@@ -1518,9 +1518,9 @@
sm->respId = hdr->identifier;
if (hdr->code == EAP_CODE_RESPONSE)
- sm->rxResp = TRUE;
+ sm->rxResp = true;
else if (hdr->code == EAP_CODE_INITIATE)
- sm->rxInitiate = TRUE;
+ sm->rxInitiate = true;
if (plen > sizeof(*hdr)) {
u8 *pos = (u8 *) (hdr + 1);
@@ -1702,7 +1702,7 @@
if (sm->identity == NULL || sm->currentId == -1) {
*vendor = EAP_VENDOR_IETF;
next = EAP_TYPE_IDENTITY;
- sm->update_user = TRUE;
+ sm->update_user = true;
} else if (sm->user && idx < EAP_MAX_METHODS &&
(sm->user->methods[idx].vendor != EAP_VENDOR_IETF ||
sm->user->methods[idx].method != EAP_TYPE_NONE)) {
@@ -1730,7 +1730,7 @@
sm->m->isSuccess(sm, sm->eap_method_priv)) {
wpa_printf(MSG_DEBUG, "EAP: getDecision: method succeeded -> "
"SUCCESS");
- sm->update_user = TRUE;
+ sm->update_user = true;
return DECISION_SUCCESS;
}
@@ -1738,7 +1738,7 @@
!sm->m->isSuccess(sm, sm->eap_method_priv)) {
wpa_printf(MSG_DEBUG, "EAP: getDecision: method failed -> "
"FAILURE");
- sm->update_user = TRUE;
+ sm->update_user = true;
return DECISION_FAILURE;
}
@@ -1765,12 +1765,12 @@
sm->user->methods[0].method == EAP_TYPE_IDENTITY) {
wpa_printf(MSG_DEBUG, "EAP: getDecision: stop "
"identity request loop -> FAILURE");
- sm->update_user = TRUE;
+ sm->update_user = true;
return DECISION_FAILURE;
}
- sm->update_user = FALSE;
+ sm->update_user = false;
}
- sm->start_reauth = FALSE;
+ sm->start_reauth = false;
if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
(sm->user->methods[sm->user_eap_method_index].vendor !=
@@ -1801,9 +1801,9 @@
}
-static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method)
+static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method)
{
- return method == EAP_TYPE_IDENTITY ? TRUE : FALSE;
+ return method == EAP_TYPE_IDENTITY;
}
@@ -1820,7 +1820,7 @@
{
int res = 0;
do {
- sm->changed = FALSE;
+ sm->changed = false;
SM_STEP_RUN(EAP);
if (sm->changed)
res = 1;
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index 22dd965..e9bf030 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -664,8 +664,8 @@
}
-static Boolean eap_aka_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_aka_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_aka_data *data = priv;
const u8 *pos;
@@ -675,25 +675,25 @@
&len);
if (pos == NULL || len < 3) {
wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
-static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype)
+static bool eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype)
{
if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR ||
subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT)
- return FALSE;
+ return false;
switch (data->state) {
case IDENTITY:
if (subtype != EAP_AKA_SUBTYPE_IDENTITY) {
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case CHALLENGE:
@@ -701,30 +701,30 @@
subtype != EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) {
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case REAUTH:
if (subtype != EAP_AKA_SUBTYPE_REAUTHENTICATION) {
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case NOTIFICATION:
if (subtype != EAP_AKA_SUBTYPE_NOTIFICATION) {
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
default:
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected state (%d) for "
"processing a response", data->state);
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1269,7 +1269,7 @@
}
-static Boolean eap_aka_isDone(struct eap_sm *sm, void *priv)
+static bool eap_aka_isDone(struct eap_sm *sm, void *priv)
{
struct eap_aka_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -1308,7 +1308,7 @@
}
-static Boolean eap_aka_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_aka_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_aka_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_eke.c b/src/eap_server/eap_server_eke.c
index 71fab96..eac3245 100644
--- a/src/eap_server/eap_server_eke.c
+++ b/src/eap_server/eap_server_eke.c
@@ -380,8 +380,8 @@
}
-static Boolean eap_eke_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_eke_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_eke_data *data = priv;
size_t len;
@@ -391,28 +391,28 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_EKE, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-EKE: Invalid frame");
- return TRUE;
+ return true;
}
eke_exch = *pos;
wpa_printf(MSG_DEBUG, "EAP-EKE: Received frame: EKE-Exch=%d", eke_exch);
if (data->state == IDENTITY && eke_exch == EAP_EKE_ID)
- return FALSE;
+ return false;
if (data->state == COMMIT && eke_exch == EAP_EKE_COMMIT)
- return FALSE;
+ return false;
if (data->state == CONFIRM && eke_exch == EAP_EKE_CONFIRM)
- return FALSE;
+ return false;
if (eke_exch == EAP_EKE_FAILURE)
- return FALSE;
+ return false;
wpa_printf(MSG_INFO, "EAP-EKE: Unexpected EKE-Exch=%d in state=%d",
eke_exch, data->state);
- return TRUE;
+ return true;
}
@@ -716,7 +716,7 @@
}
-static Boolean eap_eke_isDone(struct eap_sm *sm, void *priv)
+static bool eap_eke_isDone(struct eap_sm *sm, void *priv)
{
struct eap_eke_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -757,7 +757,7 @@
}
-static Boolean eap_eke_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_eke_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_eke_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c
index 0270821..55d48d9 100644
--- a/src/eap_server/eap_server_fast.c
+++ b/src/eap_server/eap_server_fast.c
@@ -929,8 +929,8 @@
}
-static Boolean eap_fast_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_fast_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -938,10 +938,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_FAST, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-FAST: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1563,7 +1563,7 @@
}
-static Boolean eap_fast_isDone(struct eap_sm *sm, void *priv)
+static bool eap_fast_isDone(struct eap_sm *sm, void *priv)
{
struct eap_fast_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -1614,7 +1614,7 @@
}
-static Boolean eap_fast_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_fast_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_fast_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_gpsk.c b/src/eap_server/eap_server_gpsk.c
index a774275..4081b9f 100644
--- a/src/eap_server/eap_server_gpsk.c
+++ b/src/eap_server/eap_server_gpsk.c
@@ -208,8 +208,8 @@
}
-static Boolean eap_gpsk_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_gpsk_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_gpsk_data *data = priv;
const u8 *pos;
@@ -218,21 +218,21 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-GPSK: Invalid frame");
- return TRUE;
+ return true;
}
wpa_printf(MSG_DEBUG, "EAP-GPSK: Received frame: opcode=%d", *pos);
if (data->state == GPSK_1 && *pos == EAP_GPSK_OPCODE_GPSK_2)
- return FALSE;
+ return false;
if (data->state == GPSK_3 && *pos == EAP_GPSK_OPCODE_GPSK_4)
- return FALSE;
+ return false;
wpa_printf(MSG_INFO, "EAP-GPSK: Unexpected opcode=%d in state=%d",
*pos, data->state);
- return TRUE;
+ return true;
}
@@ -560,7 +560,7 @@
}
-static Boolean eap_gpsk_isDone(struct eap_sm *sm, void *priv)
+static bool eap_gpsk_isDone(struct eap_sm *sm, void *priv)
{
struct eap_gpsk_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -601,7 +601,7 @@
}
-static Boolean eap_gpsk_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_gpsk_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_gpsk_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_gtc.c b/src/eap_server/eap_server_gtc.c
index fcccbcb..6310793 100644
--- a/src/eap_server/eap_server_gtc.c
+++ b/src/eap_server/eap_server_gtc.c
@@ -74,8 +74,8 @@
}
-static Boolean eap_gtc_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_gtc_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -83,10 +83,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-GTC: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -184,14 +184,14 @@
}
-static Boolean eap_gtc_isDone(struct eap_sm *sm, void *priv)
+static bool eap_gtc_isDone(struct eap_sm *sm, void *priv)
{
struct eap_gtc_data *data = priv;
return data->state != CONTINUE;
}
-static Boolean eap_gtc_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_gtc_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_gtc_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_identity.c b/src/eap_server/eap_server_identity.c
index 1b1db53..813e1d6 100644
--- a/src/eap_server/eap_server_identity.c
+++ b/src/eap_server/eap_server_identity.c
@@ -79,8 +79,8 @@
}
-static Boolean eap_identity_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_identity_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -89,10 +89,10 @@
respData, &len);
if (pos == NULL) {
wpa_printf(MSG_INFO, "EAP-Identity: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -127,7 +127,7 @@
os_free(buf);
}
if (sm->identity)
- sm->update_user = TRUE;
+ sm->update_user = true;
os_free(sm->identity);
sm->identity = os_malloc(len ? len : 1);
if (sm->identity == NULL) {
@@ -140,14 +140,14 @@
}
-static Boolean eap_identity_isDone(struct eap_sm *sm, void *priv)
+static bool eap_identity_isDone(struct eap_sm *sm, void *priv)
{
struct eap_identity_data *data = priv;
return data->state != CONTINUE;
}
-static Boolean eap_identity_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_identity_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_identity_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_ikev2.c b/src/eap_server/eap_server_ikev2.c
index 897637e..ef3cc8c 100644
--- a/src/eap_server/eap_server_ikev2.c
+++ b/src/eap_server/eap_server_ikev2.c
@@ -236,8 +236,8 @@
}
-static Boolean eap_ikev2_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_ikev2_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -246,10 +246,10 @@
&len);
if (pos == NULL) {
wpa_printf(MSG_INFO, "EAP-IKEV2: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -465,14 +465,14 @@
}
-static Boolean eap_ikev2_isDone(struct eap_sm *sm, void *priv)
+static bool eap_ikev2_isDone(struct eap_sm *sm, void *priv)
{
struct eap_ikev2_data *data = priv;
return data->state == DONE || data->state == FAIL;
}
-static Boolean eap_ikev2_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_ikev2_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_ikev2_data *data = priv;
return data->state == DONE && data->ikev2.state == IKEV2_DONE &&
diff --git a/src/eap_server/eap_server_md5.c b/src/eap_server/eap_server_md5.c
index cf5ceb1..c9b500c 100644
--- a/src/eap_server/eap_server_md5.c
+++ b/src/eap_server/eap_server_md5.c
@@ -73,8 +73,8 @@
}
-static Boolean eap_md5_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_md5_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -82,16 +82,16 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MD5, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-MD5: Invalid frame");
- return TRUE;
+ return true;
}
if (*pos != CHAP_MD5_LEN || 1 + CHAP_MD5_LEN > len) {
wpa_printf(MSG_INFO, "EAP-MD5: Invalid response "
"(response_len=%d payload_len=%lu",
*pos, (unsigned long) len);
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -136,14 +136,14 @@
}
-static Boolean eap_md5_isDone(struct eap_sm *sm, void *priv)
+static bool eap_md5_isDone(struct eap_sm *sm, void *priv)
{
struct eap_md5_data *data = priv;
return data->state != CONTINUE;
}
-static Boolean eap_md5_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_md5_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_md5_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 8a1621a..9b3eb26 100644
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -235,8 +235,8 @@
}
-static Boolean eap_mschapv2_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_mschapv2_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_mschapv2_data *data = priv;
struct eap_mschapv2_hdr *resp;
@@ -247,7 +247,7 @@
&len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid frame");
- return TRUE;
+ return true;
}
resp = (struct eap_mschapv2_hdr *) pos;
@@ -255,7 +255,7 @@
resp->op_code != MSCHAPV2_OP_RESPONSE) {
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Response - "
"ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
if (data->state == SUCCESS_REQ &&
@@ -263,17 +263,17 @@
resp->op_code != MSCHAPV2_OP_FAILURE) {
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Success or "
"Failure - ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
if (data->state == FAILURE_REQ &&
resp->op_code != MSCHAPV2_OP_FAILURE) {
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Failure "
"- ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -531,7 +531,7 @@
}
-static Boolean eap_mschapv2_isDone(struct eap_sm *sm, void *priv)
+static bool eap_mschapv2_isDone(struct eap_sm *sm, void *priv)
{
struct eap_mschapv2_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -564,7 +564,7 @@
}
-static Boolean eap_mschapv2_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_mschapv2_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_mschapv2_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_pax.c b/src/eap_server/eap_server_pax.c
index 5ed29ef..fb089d5 100644
--- a/src/eap_server/eap_server_pax.c
+++ b/src/eap_server/eap_server_pax.c
@@ -195,8 +195,8 @@
}
-static Boolean eap_pax_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_pax_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_pax_data *data = priv;
struct eap_pax_hdr *resp;
@@ -207,7 +207,7 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PAX, respData, &len);
if (pos == NULL || len < sizeof(*resp) + EAP_PAX_ICV_LEN) {
wpa_printf(MSG_INFO, "EAP-PAX: Invalid frame");
- return TRUE;
+ return true;
}
mlen = sizeof(struct eap_hdr) + 1 + len;
@@ -225,14 +225,14 @@
resp->op_code != EAP_PAX_OP_STD_2) {
wpa_printf(MSG_DEBUG, "EAP-PAX: Expected PAX_STD-2 - "
"ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
if (data->state == PAX_STD_3 &&
resp->op_code != EAP_PAX_OP_ACK) {
wpa_printf(MSG_DEBUG, "EAP-PAX: Expected PAX-ACK - "
"ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
if (resp->op_code != EAP_PAX_OP_STD_2 &&
@@ -244,38 +244,38 @@
if (data->mac_id != resp->mac_id) {
wpa_printf(MSG_DEBUG, "EAP-PAX: Expected MAC ID 0x%x, "
"received 0x%x", data->mac_id, resp->mac_id);
- return TRUE;
+ return true;
}
if (resp->dh_group_id != EAP_PAX_DH_GROUP_NONE) {
wpa_printf(MSG_INFO, "EAP-PAX: Expected DH Group ID 0x%x, "
"received 0x%x", EAP_PAX_DH_GROUP_NONE,
resp->dh_group_id);
- return TRUE;
+ return true;
}
if (resp->public_key_id != EAP_PAX_PUBLIC_KEY_NONE) {
wpa_printf(MSG_INFO, "EAP-PAX: Expected Public Key ID 0x%x, "
"received 0x%x", EAP_PAX_PUBLIC_KEY_NONE,
resp->public_key_id);
- return TRUE;
+ return true;
}
if (resp->flags & EAP_PAX_FLAGS_MF) {
/* TODO: add support for reassembling fragments */
wpa_printf(MSG_INFO, "EAP-PAX: fragmentation not supported");
- return TRUE;
+ return true;
}
if (resp->flags & EAP_PAX_FLAGS_CE) {
wpa_printf(MSG_INFO, "EAP-PAX: Unexpected CE flag");
- return TRUE;
+ return true;
}
if (data->keys_set) {
if (len - sizeof(*resp) < EAP_PAX_ICV_LEN) {
wpa_printf(MSG_INFO, "EAP-PAX: No ICV in the packet");
- return TRUE;
+ return true;
}
icv = wpabuf_mhead_u8(respData) + mlen - EAP_PAX_ICV_LEN;
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", icv, EAP_PAX_ICV_LEN);
@@ -285,18 +285,18 @@
NULL, 0, NULL, 0, icvbuf) < 0) {
wpa_printf(MSG_INFO,
"EAP-PAX: Failed to calculate ICV");
- return TRUE;
+ return true;
}
if (os_memcmp_const(icvbuf, icv, EAP_PAX_ICV_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-PAX: Invalid ICV");
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Expected ICV",
icvbuf, EAP_PAX_ICV_LEN);
- return TRUE;
+ return true;
}
}
- return FALSE;
+ return false;
}
@@ -513,7 +513,7 @@
}
-static Boolean eap_pax_isDone(struct eap_sm *sm, void *priv)
+static bool eap_pax_isDone(struct eap_sm *sm, void *priv)
{
struct eap_pax_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -563,7 +563,7 @@
}
-static Boolean eap_pax_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_pax_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_pax_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_peap.c b/src/eap_server/eap_server_peap.c
index 02d8b8e..f234f6f 100644
--- a/src/eap_server/eap_server_peap.c
+++ b/src/eap_server/eap_server_peap.c
@@ -569,8 +569,8 @@
}
-static Boolean eap_peap_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_peap_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -578,10 +578,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PEAP, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-PEAP: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1289,7 +1289,7 @@
}
-static Boolean eap_peap_isDone(struct eap_sm *sm, void *priv)
+static bool eap_peap_isDone(struct eap_sm *sm, void *priv)
{
struct eap_peap_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -1383,7 +1383,7 @@
}
-static Boolean eap_peap_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_peap_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_peap_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_psk.c b/src/eap_server/eap_server_psk.c
index 511973c..f55f70d 100644
--- a/src/eap_server/eap_server_psk.c
+++ b/src/eap_server/eap_server_psk.c
@@ -171,8 +171,8 @@
}
-static Boolean eap_psk_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_psk_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_psk_data *data = priv;
size_t len;
@@ -182,7 +182,7 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PSK, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-PSK: Invalid frame");
- return TRUE;
+ return true;
}
t = EAP_PSK_FLAGS_GET_T(*pos);
@@ -191,22 +191,22 @@
if (data->state == PSK_1 && t != 1) {
wpa_printf(MSG_DEBUG, "EAP-PSK: Expected PSK-2 - "
"ignore T=%d", t);
- return TRUE;
+ return true;
}
if (data->state == PSK_3 && t != 3) {
wpa_printf(MSG_DEBUG, "EAP-PSK: Expected PSK-4 - "
"ignore T=%d", t);
- return TRUE;
+ return true;
}
if ((t == 1 && len < sizeof(struct eap_psk_hdr_2)) ||
(t == 3 && len < sizeof(struct eap_psk_hdr_4))) {
wpa_printf(MSG_DEBUG, "EAP-PSK: Too short frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -433,7 +433,7 @@
}
-static Boolean eap_psk_isDone(struct eap_sm *sm, void *priv)
+static bool eap_psk_isDone(struct eap_sm *sm, void *priv)
{
struct eap_psk_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -474,7 +474,7 @@
}
-static Boolean eap_psk_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_psk_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_psk_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 6bf3a23..81cddca 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -530,8 +530,8 @@
}
-static Boolean eap_pwd_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_pwd_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_pwd_data *data = priv;
const u8 *pos;
@@ -540,7 +540,7 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PWD, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-pwd: Invalid frame");
- return TRUE;
+ return true;
}
wpa_printf(MSG_DEBUG, "EAP-pwd: Received frame: exch = %d, len = %d",
@@ -548,20 +548,20 @@
if (data->state == PWD_ID_Req &&
((EAP_PWD_GET_EXCHANGE(*pos)) == EAP_PWD_OPCODE_ID_EXCH))
- return FALSE;
+ return false;
if (data->state == PWD_Commit_Req &&
((EAP_PWD_GET_EXCHANGE(*pos)) == EAP_PWD_OPCODE_COMMIT_EXCH))
- return FALSE;
+ return false;
if (data->state == PWD_Confirm_Req &&
((EAP_PWD_GET_EXCHANGE(*pos)) == EAP_PWD_OPCODE_CONFIRM_EXCH))
- return FALSE;
+ return false;
wpa_printf(MSG_INFO, "EAP-pwd: Unexpected opcode=%d in state=%d",
*pos, data->state);
- return TRUE;
+ return true;
}
@@ -1003,14 +1003,14 @@
}
-static Boolean eap_pwd_is_success(struct eap_sm *sm, void *priv)
+static bool eap_pwd_is_success(struct eap_sm *sm, void *priv)
{
struct eap_pwd_data *data = priv;
return data->state == SUCCESS;
}
-static Boolean eap_pwd_is_done(struct eap_sm *sm, void *priv)
+static bool eap_pwd_is_done(struct eap_sm *sm, void *priv)
{
struct eap_pwd_data *data = priv;
return (data->state == SUCCESS) || (data->state == FAILURE);
diff --git a/src/eap_server/eap_server_sake.c b/src/eap_server/eap_server_sake.c
index 56cfbfb..8c39e63 100644
--- a/src/eap_server/eap_server_sake.c
+++ b/src/eap_server/eap_server_sake.c
@@ -232,8 +232,8 @@
}
-static Boolean eap_sake_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_sake_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_sake_data *data = priv;
struct eap_sake_hdr *resp;
@@ -244,7 +244,7 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE, respData, &len);
if (pos == NULL || len < sizeof(struct eap_sake_hdr)) {
wpa_printf(MSG_INFO, "EAP-SAKE: Invalid frame");
- return TRUE;
+ return true;
}
resp = (struct eap_sake_hdr *) pos;
@@ -254,33 +254,33 @@
if (version != EAP_SAKE_VERSION) {
wpa_printf(MSG_INFO, "EAP-SAKE: Unknown version %d", version);
- return TRUE;
+ return true;
}
if (session_id != data->session_id) {
wpa_printf(MSG_INFO, "EAP-SAKE: Session ID mismatch (%d,%d)",
session_id, data->session_id);
- return TRUE;
+ return true;
}
wpa_printf(MSG_DEBUG, "EAP-SAKE: Received frame: subtype=%d", subtype);
if (data->state == IDENTITY && subtype == EAP_SAKE_SUBTYPE_IDENTITY)
- return FALSE;
+ return false;
if (data->state == CHALLENGE && subtype == EAP_SAKE_SUBTYPE_CHALLENGE)
- return FALSE;
+ return false;
if (data->state == CONFIRM && subtype == EAP_SAKE_SUBTYPE_CONFIRM)
- return FALSE;
+ return false;
if (subtype == EAP_SAKE_SUBTYPE_AUTH_REJECT)
- return FALSE;
+ return false;
wpa_printf(MSG_INFO, "EAP-SAKE: Unexpected subtype=%d in state=%d",
subtype, data->state);
- return TRUE;
+ return true;
}
@@ -456,7 +456,7 @@
}
-static Boolean eap_sake_isDone(struct eap_sm *sm, void *priv)
+static bool eap_sake_isDone(struct eap_sm *sm, void *priv)
{
struct eap_sake_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -497,7 +497,7 @@
}
-static Boolean eap_sake_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_sake_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_sake_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c
index d7ac87c..8a68289 100644
--- a/src/eap_server/eap_server_sim.c
+++ b/src/eap_server/eap_server_sim.c
@@ -360,8 +360,8 @@
}
-static Boolean eap_sim_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_sim_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -369,55 +369,55 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM, respData, &len);
if (pos == NULL || len < 3) {
wpa_printf(MSG_INFO, "EAP-SIM: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
-static Boolean eap_sim_unexpected_subtype(struct eap_sim_data *data,
- u8 subtype)
+static bool eap_sim_unexpected_subtype(struct eap_sim_data *data,
+ u8 subtype)
{
if (subtype == EAP_SIM_SUBTYPE_CLIENT_ERROR)
- return FALSE;
+ return false;
switch (data->state) {
case START:
if (subtype != EAP_SIM_SUBTYPE_START) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case CHALLENGE:
if (subtype != EAP_SIM_SUBTYPE_CHALLENGE) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case REAUTH:
if (subtype != EAP_SIM_SUBTYPE_REAUTHENTICATION) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case NOTIFICATION:
if (subtype != EAP_SIM_SUBTYPE_NOTIFICATION) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
default:
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected state (%d) for "
"processing a response", data->state);
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -794,7 +794,7 @@
}
-static Boolean eap_sim_isDone(struct eap_sm *sm, void *priv)
+static bool eap_sim_isDone(struct eap_sm *sm, void *priv)
{
struct eap_sim_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -833,7 +833,7 @@
}
-static Boolean eap_sim_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_sim_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_sim_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_teap.c b/src/eap_server/eap_server_teap.c
index a2cbf7a..d7b1b09 100644
--- a/src/eap_server/eap_server_teap.c
+++ b/src/eap_server/eap_server_teap.c
@@ -965,8 +965,8 @@
}
-static Boolean eap_teap_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_teap_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -974,10 +974,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TEAP, respData, &len);
if (!pos || len < 1) {
wpa_printf(MSG_INFO, "EAP-TEAP: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1974,7 +1974,7 @@
}
-static Boolean eap_teap_isDone(struct eap_sm *sm, void *priv)
+static bool eap_teap_isDone(struct eap_sm *sm, void *priv)
{
struct eap_teap_data *data = priv;
@@ -2032,7 +2032,7 @@
}
-static Boolean eap_teap_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_teap_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_teap_data *data = priv;
diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index c64cebb..769fd1f 100644
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -226,8 +226,8 @@
}
-static Boolean eap_tls_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_tls_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_tls_data *data = priv;
const u8 *pos;
@@ -246,10 +246,10 @@
respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-TLS: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -346,7 +346,7 @@
}
-static Boolean eap_tls_isDone(struct eap_sm *sm, void *priv)
+static bool eap_tls_isDone(struct eap_sm *sm, void *priv)
{
struct eap_tls_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -431,7 +431,7 @@
}
-static Boolean eap_tls_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_tls_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_tls_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_tnc.c b/src/eap_server/eap_server_tnc.c
index f6cdcb1..36fb5c3 100644
--- a/src/eap_server/eap_server_tnc.c
+++ b/src/eap_server/eap_server_tnc.c
@@ -320,8 +320,8 @@
}
-static Boolean eap_tnc_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_tnc_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_tnc_data *data = priv;
const u8 *pos;
@@ -331,29 +331,29 @@
&len);
if (pos == NULL) {
wpa_printf(MSG_INFO, "EAP-TNC: Invalid frame");
- return TRUE;
+ return true;
}
if (len == 0 && data->state != WAIT_FRAG_ACK) {
wpa_printf(MSG_INFO, "EAP-TNC: Invalid frame (empty)");
- return TRUE;
+ return true;
}
if (len == 0)
- return FALSE; /* Fragment ACK does not include flags */
+ return false; /* Fragment ACK does not include flags */
if ((*pos & EAP_TNC_VERSION_MASK) != EAP_TNC_VERSION) {
wpa_printf(MSG_DEBUG, "EAP-TNC: Unsupported version %d",
*pos & EAP_TNC_VERSION_MASK);
- return TRUE;
+ return true;
}
if (*pos & EAP_TNC_FLAGS_START) {
wpa_printf(MSG_DEBUG, "EAP-TNC: Peer used Start flag");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -537,14 +537,14 @@
}
-static Boolean eap_tnc_isDone(struct eap_sm *sm, void *priv)
+static bool eap_tnc_isDone(struct eap_sm *sm, void *priv)
{
struct eap_tnc_data *data = priv;
return data->state == DONE || data->state == FAIL;
}
-static Boolean eap_tnc_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_tnc_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_tnc_data *data = priv;
return data->state == DONE;
diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 721835d..2f0c041 100644
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -509,8 +509,8 @@
}
-static Boolean eap_ttls_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_ttls_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -518,10 +518,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1260,7 +1260,7 @@
}
-static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv)
+static bool eap_ttls_isDone(struct eap_sm *sm, void *priv)
{
struct eap_ttls_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -1290,7 +1290,7 @@
}
-static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_ttls_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_vendor_test.c b/src/eap_server/eap_server_vendor_test.c
index 9639977..7786041 100644
--- a/src/eap_server/eap_server_vendor_test.c
+++ b/src/eap_server/eap_server_vendor_test.c
@@ -88,8 +88,8 @@
}
-static Boolean eap_vendor_test_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_vendor_test_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -97,10 +97,10 @@
pos = eap_hdr_validate(EAP_VENDOR_ID, EAP_VENDOR_TYPE, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-VENDOR-TEST: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -130,7 +130,7 @@
}
-static Boolean eap_vendor_test_isDone(struct eap_sm *sm, void *priv)
+static bool eap_vendor_test_isDone(struct eap_sm *sm, void *priv)
{
struct eap_vendor_test_data *data = priv;
return data->state == SUCCESS;
@@ -158,7 +158,7 @@
}
-static Boolean eap_vendor_test_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_vendor_test_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_vendor_test_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_wsc.c b/src/eap_server/eap_server_wsc.c
index 364c089..fc70cf1 100644
--- a/src/eap_server/eap_server_wsc.c
+++ b/src/eap_server/eap_server_wsc.c
@@ -270,8 +270,8 @@
}
-static Boolean eap_wsc_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_wsc_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -280,10 +280,10 @@
respData, &len);
if (pos == NULL || len < 2) {
wpa_printf(MSG_INFO, "EAP-WSC: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -462,17 +462,17 @@
}
-static Boolean eap_wsc_isDone(struct eap_sm *sm, void *priv)
+static bool eap_wsc_isDone(struct eap_sm *sm, void *priv)
{
struct eap_wsc_data *data = priv;
return data->state == FAIL;
}
-static Boolean eap_wsc_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_wsc_isSuccess(struct eap_sm *sm, void *priv)
{
/* EAP-WSC will always result in EAP-Failure */
- return FALSE;
+ return false;
}
diff --git a/src/l2_packet/l2_packet.h b/src/l2_packet/l2_packet.h
index 5387177..6a86280 100644
--- a/src/l2_packet/l2_packet.h
+++ b/src/l2_packet/l2_packet.h
@@ -61,6 +61,10 @@
* points to len bytes of the payload after the layer 2 header and similarly,
* TX buffers start with payload. This behavior can be changed by setting
* l2_hdr=1 to include the layer 2 header in the data buffer.
+ *
+ * IF rx_callback is NULL, receive operation is not opened at all, i.e., only
+ * the TX path and additional helper functions for fetching MAC and IP
+ * addresses can be used.
*/
struct l2_packet_data * l2_packet_init(
const char *ifname, const u8 *own_addr, unsigned short protocol,
diff --git a/src/l2_packet/l2_packet_freebsd.c b/src/l2_packet/l2_packet_freebsd.c
index aa83648..60de9fe 100644
--- a/src/l2_packet/l2_packet_freebsd.c
+++ b/src/l2_packet/l2_packet_freebsd.c
@@ -84,7 +84,7 @@
packet = pcap_next(pcap, &hdr);
- if (packet == NULL || hdr.caplen < sizeof(*ethhdr))
+ if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr))
return;
ethhdr = (struct l2_ethhdr *) packet;
diff --git a/src/l2_packet/l2_packet_linux.c b/src/l2_packet/l2_packet_linux.c
index 138dcaf..7897bc0 100644
--- a/src/l2_packet/l2_packet_linux.c
+++ b/src/l2_packet/l2_packet_linux.c
@@ -312,7 +312,8 @@
ll.sll_family = PF_PACKET;
ll.sll_ifindex = ifr.ifr_ifindex;
ll.sll_protocol = htons(protocol);
- if (bind(l2->fd, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
+ if (rx_callback &&
+ bind(l2->fd, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
wpa_printf(MSG_ERROR, "%s: bind[PF_PACKET]: %s",
__func__, strerror(errno));
close(l2->fd);
@@ -329,7 +330,8 @@
}
os_memcpy(l2->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
- eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
+ if (rx_callback)
+ eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
return l2;
}
diff --git a/src/l2_packet/l2_packet_ndis.c b/src/l2_packet/l2_packet_ndis.c
index 7167781..4a4b639 100644
--- a/src/l2_packet/l2_packet_ndis.c
+++ b/src/l2_packet/l2_packet_ndis.c
@@ -294,7 +294,8 @@
}
rx_src = ethhdr->h_source;
- l2->rx_callback(l2->rx_callback_ctx, rx_src, rx_buf, rx_len);
+ if (l2->rx_callback)
+ l2->rx_callback(l2->rx_callback_ctx, rx_src, rx_buf, rx_len);
#ifndef _WIN32_WCE
l2_ndisuio_start_read(l2, 1);
#endif /* _WIN32_WCE */
diff --git a/src/l2_packet/l2_packet_none.c b/src/l2_packet/l2_packet_none.c
index 307fc6d..bc7a4e8 100644
--- a/src/l2_packet/l2_packet_none.c
+++ b/src/l2_packet/l2_packet_none.c
@@ -84,7 +84,7 @@
* TODO: open connection for receiving frames
*/
l2->fd = -1;
- if (l2->fd >= 0)
+ if (rx_callback && l2->fd >= 0)
eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
return l2;
@@ -112,7 +112,7 @@
eloop_unregister_read_sock(l2->fd);
/* TODO: close connection */
}
-
+
os_free(l2);
}
diff --git a/src/l2_packet/l2_packet_pcap.c b/src/l2_packet/l2_packet_pcap.c
index 423c099..c2b17fc 100644
--- a/src/l2_packet/l2_packet_pcap.c
+++ b/src/l2_packet/l2_packet_pcap.c
@@ -127,7 +127,7 @@
packet = pcap_next(pcap, &hdr);
- if (packet == NULL || hdr.caplen < sizeof(*ethhdr))
+ if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr))
return;
ethhdr = (struct l2_ethhdr *) packet;
@@ -152,7 +152,7 @@
unsigned char *buf;
size_t len;
- if (pkt_data == NULL || hdr->caplen < sizeof(*ethhdr))
+ if (!l2->rx_callback || !pkt_data || hdr->caplen < sizeof(*ethhdr))
return;
ethhdr = (struct l2_ethhdr *) pkt_data;
diff --git a/src/l2_packet/l2_packet_privsep.c b/src/l2_packet/l2_packet_privsep.c
index ce86802..014a45f 100644
--- a/src/l2_packet/l2_packet_privsep.c
+++ b/src/l2_packet/l2_packet_privsep.c
@@ -216,7 +216,8 @@
}
os_memcpy(l2->own_addr, reply, ETH_ALEN);
- eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
+ if (rx_callback)
+ eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
return l2;
diff --git a/src/l2_packet/l2_packet_winpcap.c b/src/l2_packet/l2_packet_winpcap.c
index 74085a3..3452051 100644
--- a/src/l2_packet/l2_packet_winpcap.c
+++ b/src/l2_packet/l2_packet_winpcap.c
@@ -224,6 +224,9 @@
return NULL;
}
+ if (!rx_callback)
+ return l2;
+
l2->rx_avail = CreateEvent(NULL, TRUE, FALSE, NULL);
l2->rx_done = CreateEvent(NULL, TRUE, FALSE, NULL);
l2->rx_notify = CreateEvent(NULL, TRUE, FALSE, NULL);
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 166d6ee..3ce5327 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -3252,6 +3252,11 @@
case WPA_PARAM_USE_EXT_KEY_ID:
sm->use_ext_key_id = value;
break;
+#ifdef CONFIG_TESTING_OPTIONS
+ case WPA_PARAM_FT_RSNXE_USED:
+ sm->ft_rsnxe_used = value;
+ break;
+#endif /* CONFIG_TESTING_OPTIONS */
default:
break;
}
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 796f392..0986c6c 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -106,6 +106,7 @@
WPA_PARAM_DENY_PTK0_REKEY,
WPA_PARAM_EXT_KEY_ID,
WPA_PARAM_USE_EXT_KEY_ID,
+ WPA_PARAM_FT_RSNXE_USED,
};
struct rsn_supp_config {
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 203a61c..3e51cf2 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -305,6 +305,13 @@
ftie_len = pos++;
rsnxe_used = wpa_key_mgmt_sae(sm->key_mgmt) && anonce &&
(sm->sae_pwe == 1 || sm->sae_pwe == 2);
+#ifdef CONFIG_TESTING_OPTIONS
+ if (anonce && sm->ft_rsnxe_used) {
+ rsnxe_used = sm->ft_rsnxe_used == 1;
+ wpa_printf(MSG_DEBUG, "TESTING: FT: Force RSNXE Used %d",
+ rsnxe_used);
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
if (wpa_key_mgmt_sha384(sm->key_mgmt)) {
struct rsn_ftie_sha384 *ftie;
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 1ad75dc..497d128 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -153,6 +153,7 @@
#ifdef CONFIG_TESTING_OPTIONS
struct wpabuf *test_assoc_ie;
+ int ft_rsnxe_used;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_FILS
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index 141ac50..654c01b 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -157,6 +157,7 @@
plain[0] != 0x00 || plain[1] != 0x01) {
wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB "
"structure");
+ wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len);
return -1;
}
@@ -165,6 +166,7 @@
if (plain[2] != 0xff) {
wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature "
"PS (BT=01)");
+ wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len);
return -1;
}
while (pos < plain + len && *pos == 0xff)
@@ -174,12 +176,14 @@
/* PKCS #1 v1.5, 8.1: At least eight octets long PS */
wpa_printf(MSG_INFO, "LibTomCrypt: Too short signature "
"padding");
+ wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len);
return -1;
}
if (pos + 16 /* min hash len */ >= plain + len || *pos != 0x00) {
wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB "
"structure (2)");
+ wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len);
return -1;
}
pos++;
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index 5c8ac56..d2e685c 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -264,7 +264,8 @@
return -1;
pos = hdr.payload;
if (*pos) {
- wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
+ wpa_printf(MSG_DEBUG,
+ "X509: BITSTRING (subjectPublicKey) - %d unused bits",
*pos);
/*
* TODO: should this be rejected? X.509 certificates are
@@ -1851,7 +1852,8 @@
}
pos = hdr.payload;
if (*pos) {
- wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
+ wpa_printf(MSG_DEBUG,
+ "X509: BITSTRING (signatureValue) - %d unused bits",
*pos);
/* PKCS #1 v1.5 10.2.1:
* It is an error if the length in bits of the signature S is
diff --git a/src/utils/includes.h b/src/utils/includes.h
index 75513fc..741fc9c 100644
--- a/src/utils/includes.h
+++ b/src/utils/includes.h
@@ -18,6 +18,7 @@
#include <stdlib.h>
#include <stddef.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c
index 5ec7133..f372256 100644
--- a/src/wps/wps_attr_build.c
+++ b/src/wps/wps_attr_build.c
@@ -310,6 +310,9 @@
auth_types &= ~WPS_AUTH_WPA;
auth_types &= ~WPS_AUTH_WPA2;
auth_types &= ~WPS_AUTH_SHARED;
+#ifdef CONFIG_NO_TKIP
+ auth_types &= ~WPS_AUTH_WPAPSK;
+#endif /* CONFIG_NO_TKIP */
#ifdef CONFIG_WPS_TESTING
if (wps_force_auth_types_in_use) {
wpa_printf(MSG_DEBUG,
@@ -331,6 +334,9 @@
{
u16 encr_types = WPS_ENCR_TYPES;
encr_types &= ~WPS_ENCR_WEP;
+#ifdef CONFIG_NO_TKIP
+ encr_types &= ~WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
#ifdef CONFIG_WPS_TESTING
if (wps_force_encr_types_in_use) {
wpa_printf(MSG_DEBUG,
diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index 80ed603..819cd43 100644
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -880,6 +880,17 @@
cred.auth_type |= WPS_AUTH_WPA2PSK;
}
+#ifdef CONFIG_NO_TKIP
+ if (cred.encr_type & WPS_ENCR_TKIP) {
+ wpa_printf(MSG_DEBUG, "WPS: Disable encr_type TKIP");
+ cred.encr_type &= ~WPS_ENCR_TKIP;
+ }
+ if (cred.auth_type & WPS_AUTH_WPAPSK) {
+ wpa_printf(MSG_DEBUG, "WPS: Disable auth_type WPAPSK");
+ cred.auth_type &= ~WPS_AUTH_WPAPSK;
+ }
+#endif /* CONFIG_NO_TKIP */
+
if (wps->wps->cred_cb) {
cred.cred_attr = wpabuf_head(attrs);
cred.cred_attr_len = wpabuf_len(attrs);
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 9ee89ae..9e1ee36 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -1677,8 +1677,10 @@
wps->wps->auth_types, wps->auth_type);
if (wps->auth_type & WPS_AUTH_WPA2PSK)
wps->auth_type = WPS_AUTH_WPA2PSK;
+#ifndef CONFIG_NO_TKIP
else if (wps->auth_type & WPS_AUTH_WPAPSK)
wps->auth_type = WPS_AUTH_WPAPSK;
+#endif /* CONFIG_NO_TKIP */
else if (wps->auth_type & WPS_AUTH_OPEN)
wps->auth_type = WPS_AUTH_OPEN;
else {
@@ -1700,8 +1702,10 @@
wps->auth_type == WPS_AUTH_WPAPSK) {
if (wps->encr_type & WPS_ENCR_AES)
wps->encr_type = WPS_ENCR_AES;
+#ifndef CONFIG_NO_TKIP
else if (wps->encr_type & WPS_ENCR_TKIP)
wps->encr_type = WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
else {
wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
"type for WPA/WPA2");